CVE-2024-39349
Synology BC500 synocam_param.cgi Stack-based Buffer Overflow Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability regarding buffer copy without checking size of input ('Classic Buffer Overflow') is found in the libjansson component and it does not affect the upstream library. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500.
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology BC500 cameras. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the synocam_param.cgi module. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2024-06-21 CVE Published
- 2024-06-24 CVE Reserved
- 2024-07-26 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.synology.com/en-global/security/advisory/Synology_SA_23_15 | 2024-08-02 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Synology Search vendor "Synology" | Camera Firmware Search vendor "Synology" for product "Camera Firmware" | >= 1.0.0 < 1.0.7-0298 Search vendor "Synology" for product "Camera Firmware" and version " >= 1.0.0 < 1.0.7-0298" | en |
Affected
|